CN1494010A - Network system - Google Patents

Info

Publication number: CN1494010A
Authority: CN (China)
Prior art keywords: content, server, signature, unit, registration
Legal status: Granted; current status Expired - Fee Related
Application number: CNA031581374A
Other languages: Chinese (zh)
Other versions: CN1287305C (en)
Inventor: 竹岛由晃, 中原雅彦
Current Assignee: Hitachi Ltd
Original Assignee: Hitachi Ltd

Classifications

    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • G06F16/258 Data format conversion from or to a database
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/563 Data redirection of data network streams
    • H04L67/564 Enhancement of application control based on intercepted application data
    • H04L9/40 Network security protocols
    • H04L69/329 Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]

Abstract

The disclosed network system comprises a client which sends an access request to a server, the server which receives the access request from the client and distributes content, application servers, each of which performs, upon reception of the content, additional processing of the content and returns processed content and data to a unit that sent the content to it, and a proxy server which relays data to be communicated between the client and the server. The proxy server comprises a unit that relays communication data which receives the access request from the client and forwards it to the server and receives the content from the server and a unit that calls out application server which receives content from the unit that relays communication data, encapsulates the content into a predetermined format message, forwards the message to one of the application servers, and receives the content and result of additional processing performed by the application server. The unit that relays communication data sends data based on the result to the client.

Description

Network system
Cross-reference to related application
This application claims priority based on Japanese patent application 2002-267551, filed on September 13, 2002, the entire contents of which are hereby incorporated by reference.
Technical field
The present invention relates to a network system in which a client connected to a server by a communication line can access content held on the server, and in particular to a proxy server that relays the data transmitted between the server and the client and to a system that uses this proxy server.
Background art
End users very commonly use the protocol called HTTP (Hypertext Transfer Protocol) to download computer-executable programs and music and video files, and then run the programs or play back the music and video on their personal computers. When programs and data files are obtained over a network in this way, ensuring security for the user terminal is a very important issue. For example, a malicious third party may break into a web server on the Internet and replace content data held on the server (for example, a video file or a computer-executable program) with program data infected by a computer virus. If a user then unknowingly downloads the program to the user terminal and runs it, trouble follows: data stored on the terminal is destroyed, or important personal information that should be kept confidential is sent out over the network at will by the malicious third party. As a precaution against such trouble, virus checkers are used to detect and remove viruses. A virus checker can be deployed in the following two ways.
One method is to run the virus checker on the end user's terminal or on the web server. The other is to run the virus checker on a proxy server or firewall, where content being downloaded to the user terminal is checked for viruses in real time. A web proxy is an intermediary network communication technique for delivering web data from a server to a client. For a description of web proxies, see R. Fielding et al., RFC 2616, "Hypertext Transfer Protocol - HTTP/1.1", June 1999, The Internet Society, <URL:http://www.ietf.org/rfc/rfc2626.txt>, sections 1.3 and 1.4. The latter method, in which virus detection is carried out in the network, suits communications carriers that also provide Internet connection services when they offer security services to their users.
As an improved version of the latter technique, a web proxy can verify digital signatures, as described in PCT Gazette WO 00/64122. With this technique, tampered content is detected as follows. First, digital signatures are generated in advance for all content items stored on the web server. When content is downloaded through the web proxy, the web proxy uses the digital signature to verify that the downloaded content is authentic. The digital signatures are generated in advance and stored in the web proxy's storage device. If the content is verified as authentic, it is delivered unchanged to the user who requested it. If tampered content is detected, the web proxy returns an error message or sends the user the original content that was stored on the proxy in advance.
With the former method, it is very difficult to install a virus checker on every user terminal connected to the network. If a mobile phone is used as such a terminal, a virus checker cannot be run on it. And even if virus detection is performed on the server, data that has passed the check may still be infected by a virus en route through the network.
With the latter method, in which the web proxy performs virus detection, a proxy that is already busy with network traffic must also carry out the heavy task of virus detection, so the processing performance of the proxy itself becomes very low. Another method has been proposed in which the virus checker runs on a separate server connected to the proxy and data is exchanged between that server and the proxy. Even with this method, the performance of the server running the virus checker remains a bottleneck.
In the technique disclosed in WO 00/64122, the proxy's processing load is reduced because the proxy does not perform virus scanning. However, an increase in its processing load for decrypting digital signatures is unavoidable.
As described above, methods in which an intermediate device in the network, rather than the server, performs additional processing on content downloaded from the server to the client suffer from the problem that the processing load on that device becomes too heavy.
There is a further problem. The prior art cannot check the order in which multiple content items are downloaded, although such a check is desirable. For example, when a content item and its metadata are downloaded, it is not possible to check whether the content was downloaded after the metadata.
Summary of the invention
The invention is characterized in that an intermediate communication device (called a proxy server) placed between the client and the server comprises a unit that relays communication data, which relays the data transmitted between the client and the server, and a unit that calls out an application server, which encapsulates content received from the server via the unit that relays communication data into a message of a predetermined format, sends the message to an application server, and receives the content and data returned as the result of the additional processing performed by the application server. Thus an intermediate device in the network, rather than the server, is responsible for directing the application server to perform additional processing on content downloaded to the client.
The proxy server includes a transfer control database, in which are set and stored the conditions under which content is to be transferred to one of the application servers, together with the information about that application server needed to transfer the content. The unit that relays communication data analyzes the access request and the information about the content being accessed; if the access request and the content-related information satisfy a condition stored in the transfer control database, the content is sent to the appropriate application server.
The unit that calls out the application server analyzes the result returned from the application server and sends back to the client one of the following: the content returned from the server, the data returned from the application server, content previously cached on the proxy server, or an error message. A suitable response can therefore be sent back to the client, and the data traffic between the application server and the proxy server can be reduced. The additional processing of content can be performed without reconfiguring the client or the server.
The unit that relays communication data can cache content. This content may be verified content data received from the appropriate application server, or content retrieved over the network according to its URL. When a particular content item that has undergone additional processing by the application server should be returned to clients quickly, the application server can instruct the proxy server to cache the content before any client requests access to it.
The network system of the invention includes the following application servers: a content registration server, which registers in a database content accepted through a registrant application from a content creator or content provider (also called a content manager) and which, before the content is registered, adds a digital signature (hereinafter simply called a signature) to content whose data has been checked by virus detection and the like; a content verification server, which checks the content data registered through the registrant application by virus detection and the like; and a signature verification server, which verifies signatures.
According to the invention, the server stores signed content, and the proxy server sends the signed content downloaded in response to a client request to the signature verification server. The signature verification server verifies the validity of the signature added to the content and returns the verification result to the proxy server. If the result is valid, the proxy server returns the content to the client. If the result is invalid, the proxy server returns an error to the client. Because the content data is verified in advance, its validity can be assured at download time merely by verifying the signature added to the content. Verified content can therefore be delivered to the client more quickly.
For issuing and verifying signatures, a private key and a public key certificate stored on the appropriate servers in the network system are used.
Specifically, the proxy server that relays signed content from the server to the client sends the signed content to the signature verification server, which is one of the application servers described above. Signature verification guards against content data being tampered with en route through the network, without requiring the user terminal to run a content verification program. Security is assured while the high throughput of the network is maintained.
The content registration server is provided with a function that, when content is registered, causes the proxy server to cache the verified content. This allows safe content to be returned to the client more quickly in response to a client request for a registered content item.
On receiving signed content, the signature verification server determines whether the content should be returned to the client and returns that determination to the proxy server. Specifically, the signature verification server performs a tampering check by verifying the signature of the content, and checks whether the content data is valid by searching the database for the content ID specified in the signature.
The task of signature verification is separated from the proxy server and assigned to another server; that is, the heavily loaded proxy server is freed from the heavy load of signature verification. The processing speed of the proxy server is therefore improved. Maintenance and operation also become easier, because the system can be reconfigured simply by replacing the signature verification server and changing the transfer settings on the proxy server, without adding new software functions to the proxy server, changing the software for the signature verification process, or stopping the proxy server.
The database managed by the signature verification server is always synchronized with the database of the content registration server. The application servers in the network system of the invention can therefore be managed so that they share content registration information without inconsistency.
By registering multiple content items as a pair on the registration server, the content verification method of the invention makes it possible to verify whether a pair of content items has been downloaded to the client correctly. Specifically, the signature of the second content item is included in the first content item. When it verifies the first content item, the signature verification server stores the signature of the second content item contained in the first. When it verifies the second content item, the signature verification server uses the stored signature of the second content item to perform the verification. It can thus be verified that the first and second content items were downloaded as the content items registered as a pair. Control is possible such that the pair of content items is judged valid only when one content item is downloaded after the other.
In the present invention, content means digital data such as text, multimedia data (for example, music files and video files), or computer-executable programs.
According to the invention, a high-speed or high-performance content verification system can be realized without reconfiguring the client or the server.
These and other benefits are described throughout the specification. A further understanding of the nature and advantages of the invention may be gained by reference to the remaining portions of the specification and the drawings.
Description of drawings
Fig. 1 is a diagram showing the logical configuration of a network system that enables content verification.
Fig. 2 is a diagram illustrating the functional configuration of the proxy server 20.
Fig. 3 shows an example of the structure of the transfer control database 22.
Fig. 4 is a diagram illustrating the functional configuration of the signature verification server 40.
Fig. 5 shows an example of the structure of the registration database 45.
Fig. 6 is a diagram illustrating the functional configuration of the content registration server 50.
Fig. 7 shows an example of synchronizing the registration database 45.
Fig. 8 shows an example of the security management table provided in the content verification system 60.
Fig. 9 shows an example of the structure of the signed content 31.
Fig. 10 shows an example of the processing flow of the content registration process in the network system.
Fig. 11 shows an example of another processing flow of the content registration process in the network system.
Fig. 12 shows an example of the processing flow of the content deregistration process in the network system.
Fig. 13 shows an example of the processing flow for downloading content in the network system.
Fig. 14 is a diagram illustrating the structure of an information processing device; all the devices used in the invention can have this structure.
Fig. 15 shows an example of a network system configuration according to another preferred embodiment of the invention.
Fig. 16 shows the processing flow of a content verification method according to a further preferred embodiment of the invention.
Embodiments
All the devices in the illustrative embodiments of the invention can be configured as a general-purpose computer system, as shown in Fig. 14. Each device comprises a CPU 11, a memory 12, a reader 13 that reads data from a removable, portable storage medium 18 (for example, a CD-ROM or DVD-ROM), a network interface 14 for communicating with a peer over the network 9, an external storage device 15 (for example, an HDD), and an I/O unit 16 comprising a keyboard, a mouse, and a display. On each device, a computer program created to perform the device's particular tasks is stored in the memory 12 in advance, and the CPU 11 executes the computer program.
The computer program may be stored in the external storage device 15 in advance, or imported from another device via a removable storage medium or a communication medium.
A first preferred embodiment of the invention is described below with reference to the drawings.
Fig. 1 is a schematic diagram showing the configuration of a network system according to the first preferred embodiment of the invention.
In the first preferred embodiment, the network system comprises a client 10; a server 30; a proxy server 20 that relays the data transmitted between the client 10 and the server 30; a signature verification server 40 that uses the signature added to content to verify whether the content should be sent to the client 10; a content registration server 50 that accepts content in advance from a content manager (for example, the content creator or owner) and generates the signature added to the content; a content verification server 60 that checks the content data received by the content registration server 50; a certificate issuing authority 70 that issues a certificate revocation list, which lists the revoked certificates among the public key certificates used when the signature verification server 40 verifies signatures; and a content registrant terminal 80, through which the content manager registers content on the content registration server 50. All of these devices are interconnected by the network 9.
The client 10 and the server 30 are connected through at least one proxy server 20. The proxy server 20 is connected to the signature verification server 40, and the signature verification server 40 is connected to the content registration server 50 and the certificate issuing authority 70. The content registration server 50 is connected to the content verification server 60 and the content registrant terminal 80.
An existing web client application, such as a web browser, runs on the client 10. When the user of the client 10 wants to download content stored on the server 30 (for example, text data, video data, or a program file), the client 10 sends the server 30 a message (an access request) asking the server 30 to send the content, and then receives the content.
The server 30 runs a web server program. When it receives an access request from the client 10, it sends the requested content to the client 10. In this preferred embodiment, the server 30 stores in its memory the signed content 31 shown in Fig. 9.
As described below, the signed content 31 is prepared before any access request arrives from the client 10. Content supplied from the content registrant terminal 80 is registered on the content registration server 50; at that time the content data is verified by the content verification server 60, and a signature is added to the content, which allows the content to be downloaded to the client 10. The signature in this embodiment is preferably produced by public-key cryptography using a hash function.
The signed content 31 shown in Fig. 9 comprises the original content 311, which may be text, video, a computer-executable program, or the like, and a signature 312 part used to verify the validity of the original content 311. The signature 312 part comprises signing information 3121, a signature value 3122 obtained by encrypting the signing information 3121 with a private key, and a public key certificate 3123 containing the public key needed to decrypt the signature value 3122. The signing information 3121 comprises a signature method 3124 indicating the hash function algorithm and the like, a content ID 3125, which is the unique ID assigned to the content by this system, and a content digest value 3126 calculated by applying the hash function to the content data.
The proxy server 20 in Fig. 1 is provided with a function (relay function) that forwards the access request sent from the client 10 to the server 30 and forwards the content returned in response to the request. Information about the destination server 30 (for example, host name and IP address) is contained in the URL of the content given in the access request message.
The proxy server 20 is also provided with a caching function for caching the content it relays in responses.
In addition, if the content satisfies preset conditions (the URL of the content, its extension, file type, and so on), the proxy server 20 sends the signed content 31 received in the response from the server 30 to the signature verification server 40 and requests verification of its signature 312. If the returned verification result shows no problem, the proxy server forwards the content to the client 10.
Communication between the proxy server 20 and the signature verification server 40 preferably uses a communication protocol such as HTTP or the Internet Content Adaptation Protocol (iCAP).
When the signature verification server 40 receives the signed content 31 sent by the proxy server 20, it verifies the signature 312, determines that the content has not been tampered with, and returns the verification result to the proxy server 20.
The signature verification server 40 receives and stores in advance a certificate revocation list, which lists the revoked certificates among the public key certificates, issued by the certificate issuing authority 70, that are used when verifying the signature 312. When it receives signed content 31, it checks the public key certificate against the certificate revocation list to verify the validity of the public key associated with the content.
The signature verification server 40 also stores, in a registration database 45, information attesting to the validity of content for each content ID 3125.
Content registration server 50 is carried out signature issue and content registration management.
It is as follows to carry out the signature issuing function.Content registration server 50 is accepted the content registration request from content registration people terminal 80, received content, and the content that transmission is accepted is to content verification server 60.When it receives checking as a result the time, determine that content-data is no problem, produce the signature 312 of content, will sign 312 is added on the content, and returns results to content registration people terminal 80.
For example, when content registration server 50 is accepted to be used for the request of registration computer executable program file, whether its request content authentication server 60 scrutiny program files comprise computer virus, whether class libraries program reference, that be incorporated in the program may cause the error that is stored in the data on client computer 10 terminals, or undesirably send data to third party and the possibility that whether has other risks.If the result is no problem in checking, content registration server 50 will be signed in the 312 adding computer executable program files.
The content registration management function is to be created in the content ID that unique identification in the total system is accepted content, and by using database, comes the organize content item according to the content validity of each ID.This function comprises the function that the log-on message of new content item is added to registration database when content registration people registration content, the status information that changes content item when the validity of registration content item is lost is the function of engineering noise, with the function of deleting the information of relevant expired content item from registration database.When providing a plurality of signature verification service devices 40 and content registration server 50 to be used for load-share, in the content registration server 50 one further provides when the content registration people applies for that thereon registration content item and this registration are accepted, and the log-on message of distribution related content item is to the function of other servers.
This function prevents between a plurality of content registration servers 50 or the inconsistent problem of registration content item appears in the centre, and when the signature 312 of checking content item, can avoid the expense that occurs during to the log-on message of main contents registrar 50 query contents items whenever each signature verification service device 40.
For example, suppose content registration people registration content, and apply for the cancel register content thereafter.Main contents registrar 50 is at first accepted the registration content request of content registration people terminal 80, and content verification server 60 scope of examination data.Then, main contents registrar 50 distributes ID to give content, registration content is as new " effectively " content item in registration database, and the log-on message that sends relevant new content item is to signature verification service device 40 and other guide registrar 50, so that the registration database on the update service device.
When main contents registrar 50 when content registration people terminal 80 receives the application that is used for the cancel register foregoing, if it is in the term of validity of content, then changing the content item status information is engineering noise, if or content is expired, then from registration database, delete the information of related content item.Then, main contents registrar 50 indication signature verification service devices 40 are made identical change or deletion with other content registration server 50, so that the registration database on the update service device.
If the client 10 requests access to the deregistered content item, the request is handled as follows. After verifying the validity of the signature 312 of the signed content 31 received by the proxy server 20, the signature verification server 40 checks the content ID in the signature 312. Using the content ID as a key, the signature verification server 40 searches its content registration database 45A and finds that the state of the content item is "invalid" or that the content item has been deleted. The signature verification server 40 notifies the proxy server 20 that the content should not be sent to the client 10, because the verification result for the content item is invalid.
The content verification server 60 examines the content data received from the content registration server 50, checks whether the content may be sent to the client 10, and returns the verification result to the content registration server 50. For example, the content verification server 60 analyzes the likelihood that the content poses a risk: it determines whether the data contains a virus, or whether anything the program references, or a class library incorporated in the program, may cause errors in the data stored on the client 10 terminal or cause data to be sent to a third party undesirably.
The certificate issuing authority 70 issues a certificate revocation list (CRL) to the signature verification server 40, either periodically or at the request of the signature verification server 40.
The content registrant terminal 80 is used by a content registrant (for example the content creator, content manager, owner, or provider) to register content on the content registration server 50. It is provided with a user interface function that allows the content manager to apply to register content and registrant information, or to delete a content item, and with a communication function for communicating with the content registration server 50.
The content registrant terminal 80 can be a terminal running a Web browser. The registrant, as the terminal user, starts the Web browser; accesses the content registration server 50; enters the necessary information, for example the registrant information and the file path (location on disk) of the content to be registered that is stored on the content registrant terminal 80, in the entry form that appears in the Web browser window in response; and clicks the "Register" button. The content registrant terminal 80 then sends the content registration application and the electronic data of the content to the content registration server 50. Thereafter, as the response from the content registration server 50, the content registration result is displayed on the screen and the signed content is downloaded.
When the registrant applies to deregister a content item, the result of the deregistration is displayed on the screen. If registration or deregistration is unsuccessful, an error message is returned. The signed content 31 that the registrant receives in response is provided to the server 30 and stored in storage (for example a hard disk) on the server 30. As for the method of providing it, the signed content 31 can be sent from the content registrant terminal 80 to the server 30 over a secure transmission path established between them; alternatively, the signed content 31 can be stored as a file on a storage medium (for example a floppy disk) and the floppy disk delivered to the server 30.
In the structure shown in Fig. 1, functions implemented by a plurality of physical devices can be implemented by a single device. For example, the function of the signature verification server 40 can be merged into the proxy server 20. Conversely, functions implemented by a single physical device can be implemented by a plurality of devices. For example, the signature issuing function and the content registration management function of the content registration server 50 can be implemented by separate servers that communicate with each other over a network.
The first preferred embodiment of the present invention is described further with reference to Figs. 2 to 14.
Fig. 2 is a diagram illustrating the structure of the proxy server 20 in this preferred embodiment.
The proxy server 20 in this preferred embodiment comprises a unit 21 for forwarding communication data, which forwards the data to be transferred; a communication control database 22, which stores the conditions and information for transferring communication data to the signature verification server 40; and a unit 23 for calling an application server, which establishes a connection to the signature verification server 40.
The unit 21 for forwarding communication data receives the access request sent by the client 10 and passes it to the server 30 specified by the URL given in the access request message. This unit also receives unsigned content sent back from the server 30 and forwards it to the client 10.
When the unit 21 for forwarding communication data receives signed content 31, it passes the unverified signed content 31, according to the conditions and information stored in the communication control database 22, to the unit 23 for calling an application server so that it is sent to the signature verification server 40. Thereafter, when the unit 21 receives from the signature verification server 40 a "verification succeeded" message or the original content 311 as the verification result, it returns the original content 311 to the client 10. When the unit receives the signed content 31 in response, it either removes the signature 312 from the content and returns the original content 311, or returns the signed content 31 as it is, to the client 10. Whether the signature 312 is removed is determined by a setting of the proxy server 20. If the unit receives a "verification unsuccessful" response message, it sends an error notification to the client 10. If the unit receives content other than the original content 311 in response, it can send the received content as it is to the client 10.
The communication control database 22 is a table-format database in which the transmit condition field 211 of each record is used as the search key, as shown in Fig. 3. This database is used to manage the conditions for transferring signed content 31 to the signature verification server 40. A record 225 of the communication control database 22 is as follows. The transmit condition field 221 stores the condition that triggers transfer of signed content 31 to the signature verification server 40. The destination URL field 222 stores the URL of the signature verification server 40 to which the proxy server 20 transfers signed content matching the entry in the transmit condition field 221. The service assignment field 223 stores the service to be performed on signed content matching the entry in the transmit condition field 221. The timing field 224 stores information about when the proxy server 20 transfers signed content 31 matching the entry in the transmit condition field 221 to the signature verification server 40.
For example, in the row of the record 225 marked in Fig. 3, "extension=.exe" is present in the transmit condition field 221, so a content file whose URL, as given in the access request message received from the client 10, includes the extension ".exe" matches this condition. For matching content data to be transferred, the "virus scan" service must be performed. To this end, "when content is received" from the server 30, the signed content 31 is sent to the signature verification server 40 specified by the URL "http://webservicel/virus_scan.cgi".
In some embodiments, the URL of the destination signature verification server 40 can be specified in the signature 312 added to the content, and received signed content 31 is sent to the signature verification server 40 specified by the URL described in the signature 312.
When the proxy server 20 is to transfer signed content 31 to the signature verification server 40, the unit 23 for calling an application server in Fig. 2 establishes a connection to the signature verification server 40 and creates a message 32 containing the signed content 31. This message is constructed, for example, by appending to the signed content 31 shown in Fig. 9 a URL 321 as the access destination, namely the URL that was specified in the access request message from the client 10 and stored in the proxy server 20. Including the URL 312 as the access destination makes it possible, when the signature verification server 40 verifies the signature 312, to check whether the signed content 31 was downloaded from the correct URL at which it is located.
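The record of Fig. 3 and the construction of message 32 can be illustrated as follows. This is an added example, not code from the patent; the function names and dictionary keys are assumptions, and only the "extension=" condition form quoted in the text is handled. It normalizes the request URL before matching, since a plain suffix comparison would miss URLs carrying a query string, upper-case letters or percent-encoding.

```python
from dataclasses import dataclass
from posixpath import splitext
from typing import List, Optional
from urllib.parse import unquote, urlsplit


@dataclass(frozen=True)
class TransferRule:
    condition: str     # transmit condition field 221
    destination: str   # destination URL field 222
    service: str       # service assignment field 223
    timing: str        # timing field 224


# The one record the text walks through (record 225 of Fig. 3).
RULES = [TransferRule("extension=.exe", "http://webservicel/virus_scan.cgi",
                      "virus scan", "when content is received")]


def url_extension(request_url: str) -> str:
    """Extension of the URL path, ignoring query, fragment, case and %-encoding."""
    path = unquote(urlsplit(request_url).path)
    return splitext(path)[1].lower()


def match_rule(request_url: str,
               rules: List[TransferRule] = RULES) -> Optional[TransferRule]:
    """Return the first record whose transmit condition matches the request URL."""
    for rule in rules:
        key, _, value = rule.condition.partition("=")
        # Assumption: condition forms other than "extension=" are skipped here.
        if key == "extension" and url_extension(request_url) == value.lower():
            return rule
    return None


def build_message(request_url: str, signed_content: bytes) -> Optional[dict]:
    """Message 32: signed content 31 plus the access-destination URL 321.

    Returns None when no record applies and the content is not transferred.
    The URL is carried exactly as the client requested it, so the verifier
    can compare it with the URL under which the content was registered.
    """
    rule = match_rule(request_url)
    if rule is None:
        return None
    return {"send_to": rule.destination, "service": rule.service,
            "url_321": request_url, "signed_content_31": signed_content}
```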
Fig. 4 shows a configuration example of the signature verification server 40.
The unit 41 for obtaining the signature analyzes the message 32 sent from the proxy server 20 and obtains the unverified signed content 31. It then extracts the signature 312 added to the content 31, extracts from the signature 312 the public key certificate 3123 needed to verify the validity of the signature 312, and passes the public key certificate to the unit 42 for verifying certificates.
If, as the result of verification, the public key certificate 3123 is valid, the unit 42 for verifying certificates gives the public key to the unit 41 for obtaining the signature. The unit 41 passes the signature 312 and the public key to the unit 44 for verifying the signature, and obtains from the unit 44 the result of verifying the signature 312. If the verification determines that the content 31 is "valid", the unit 41 returns a "verification succeeded" message to the proxy server 20. Together with this message, the unit can pass the successfully verified original content 311 or the signed content 31 to the proxy server 20.
If the unit 41 for obtaining the signature receives a verification-unsuccessful response from the unit 42 for verifying certificates because the public key certificate is invalid, or is notified by the unit 44 for verifying the signature that the content 31 is "invalid" or "void" as the verification result, it notifies the proxy server 20 that verification was unsuccessful. When content is found to be invalid, a function can be added that sends a message advising the content registrant to deregister the content from the server.
The unit 42 for verifying certificates receives the certificate revocation list (CRL) from the certificate issuing authority 70 periodically or when needed, and stores and manages the list in the certificate revocation list database 43. When it receives the public key certificate 3123 from the unit 41 for obtaining the signature, the unit 42 first checks whether the public key certificate has expired or been cancelled. Then, referring to the certificate revocation list database 43, the unit 42 checks whether the public key certificate 3123 has been revoked. When the public key certificate 3123 is found to be valid, the unit 42 passes the public key contained in the public key certificate 3123 to the unit 41 for obtaining the signature as the result of processing. If the public key certificate is invalid, it notifies the unit 41 that verification was unsuccessful.
On receiving the signature 312 and the public key from the unit 41 for obtaining the signature, the unit 44 for verifying the signature verifies the signature 312. It passes the content ID 3125 from the signature 32 to the unit 46A for managing registration information, where the registration database is searched to obtain the registration state of the content. If the search shows that the registration state of the content is valid, the unit 44 notifies the unit 41 for obtaining the signature of a "valid" result. If the state is invalid or void, it notifies the unit 41 of "invalid".
The registration database is a table-format database in which the content ID 3125 of each record is used as the search key; it is used to manage the registration state of content. The registration state indicates whether a content item is "valid" (that is, the content should be sent to the client 10 in response) or "void" (that is, the content should not be sent to the client 10 in response). When content has been registered on the content registration server 50 and is within its validity period, the state of the content item is set to "valid". When the registrant has submitted an application to the content registration server 50 to cancel the registration, so that the content is deregistered even though it was previously registered on the content registration server 50 and is still within its validity period, the state of the content item is set to "void". When the content item has expired, or no application to register the content has been submitted to the content registration server 50 (it is not registered in the registration database 45A), it is "invalid".
The difference between "void" and "invalid" is reflected in the logs output by the signature verification server 40 and the proxy server 20, and in the response message sent back to the client 10 or the message mailed to the content registrant.
Fig. 5 shows an example of the structure of the registration database 45A.
The content ID field 451 stores the content ID 3125 uniquely assigned within the system to the registered content item. The state field 452 stores the content registration state described above. The validity period field 453 stores the validity period of the registered content. A content item whose validity period has passed becomes invalid, and the content registrant must re-register (renew) it to restore it to service.
The URL field 454 stores the URL at which the registered content is located in the network. The registrant information field 455 stores personal information about the content registrant, for example address, name and e-mail address. The invalidation date field 456 stores the date on which the content registrant submitted the application to cancel the content registration to the content registration server 50. The security level field 457 stores the security level associated with the content, which is used in the processing of the content verification server 60 and is described below.
The unit 46A for managing registration information in Fig. 4 searches and updates the registration database 45A. On receiving a search request for a content ID 3125 from the unit 44 for verifying the signature, the unit 46A searches the registration database 45A for the content ID 3125, determines the registration state of the content ID 3125 from the information stored in the state field 452 of the content, and notifies the unit 44 of the result: "valid", "void", or "invalid". On receiving an update request (for registration or deletion) from the content registration server 50, the unit 46A updates the registration database 45A according to the content of the request. In one possible embodiment, the registration database 45A is not stored in the signature verification server 40; instead, another server manages an integrated registration database, and the signature verification server 40 sends the content ID 3125 and a registration information search request to that server over the network.
Fig. 6 shows a configuration example of the content registration server 50.
When the content registration/deregistration unit 51 receives an access request from the content registrant terminal 80, it returns an entry form interface in which the registrant enters the necessary information, and accepts the application to register or deregister (delete) content. The unit 51 then receives the necessary information, for example the registrant information, and the original content 311 from the content registrant terminal 80. When accepting an application to register content, the unit 51 passes the original content 311 to be registered to the content verification server 60 and requests verification of the content data. If the verification finds no problem, the unit 51 requests the unit 46B for managing registration information to register the content and obtains a content ID 3125. The unit 51 then passes the original content 311 and the obtained content ID 3125 to the unit 52 for generating signatures. After obtaining the signed content 31 from the unit 52, the unit 51 returns the operation result and the signed content 31 to the content registrant terminal 80. When accepting a registrant's application to deregister content, the unit 51 prompts the registrant to enter the content ID 3125 or the URL from the content registrant terminal 80. Using the content ID 3125 or URL specified by the registrant as the search key, the content record is located in the database and deleted.
On receiving the content ID 3125, the unit 52 for generating signatures creates the signed content 31 shown in Fig. 9. In doing so, the unit 52 obtains the private key and public key certificate needed to generate the signature 312 of the content from the key management unit 53, which stores such keys and certificates securely.
The unit 46A with the management log-on message shown in Fig. 4 is identical basically for the unit 46B of management log-on message.When the unit 46B of management log-on message received the request of registration content, its additional function was to create new record in registration database 45B, and is the untapped content ID 3125 of content allocation.When the unit 46B of management log-on message receives content ID 3125 or URL, during with the deletion requests for content, it searches for the content record with searching key word (this keyword is content ID 3125 or the URL that receives) coupling in registration database 45B, and the content record of deletion coupling.
In addition, the unit 46B for managing registration information has the following function. When a content item is registered or deregistered, this unit uses communication over the network to instruct the other content registration servers 50 and the signature verification servers 40 to register or delete the same content in their registration databases 45. This function makes it possible to keep the contents of all the databases consistent. The registration database 45B is identical to the registration database 45A shown in Fig. 5.
Fig. 7 shows a method of synchronizing the registration databases 45 used by the respective units 46 for managing registration information located remotely on the network. Where a plurality of content registration servers 50 are provided, synchronizing the plurality of registration databases 45 is very important. To avoid inconsistency among database contents and duplication of content IDs 3125, one content registration server 50A is designated as the master content registration server, and its registration database 45 is maintained so that it always holds the latest information. When another content registration server 50B (a slave) receives an application to register content, its content registration/deregistration unit 51 passes the request to register the content to the unit 46B for managing registration information. The request is then sent over the network to the master content registration server 50A, and a content ID 312 is assigned to the content. Using this content ID 3125, the registration database 45B is updated and the signature 312 is generated. Thus the content IDs 3125 can be shared among the content registration servers 50 and their duplication avoided.
Fig. 8 shows an example of a table-format database provided in the content verification server 60, which is used to verify the content of computer-executable program files.
This database is used to determine a security level according to the functions used in a computer-executable program file and the class libraries incorporated in the program. As shown by the record row 620, the table has a security level field 611 containing a value indicating the security level of a program, function assignment fields 612 to 614, and class library assignment fields 615 to 617. The example table of Fig. 8 indicates, for instance, that a program using function 1 and a program incorporating class library 1 have security level 2.
The security level determined by the content verification server 60 by consulting the above database when it verifies content is compared with the security level specified for the content registrant, held in the security level field 457 of the registration database 45 shown in Fig. 5. Through this comparison, distribution of content is restricted by security level according to the agreement made between the operator of this system and the content registrant. For example, the following arrangement is possible: content registrant A, who pays the system operator a higher contract fee, is allowed to publish programs with a lower security level, while content registrant B, who pays the system operator a lower contract fee, can publish only programs with a high security level.
Fig. 10 shows an example of the processing flow of the content registration procedure, which starts from the registrant's application to register content and is carried out mainly by the master content registration server 50A.
First, the content registrant uses the Web browser on the content registrant terminal 80 to enter the necessary information, including the registrant information 455 (S501). The necessary information and the original content 311 are sent to the master content registration server 50A (S502). The content registration/deregistration unit 51 receives the necessary information, including the registrant information 455, and the content 311 from the content registrant terminal 80, and sends the content 311 to the content verification server 60 (S503, S504). The content verification server 60 verifies the content (S505) and returns the verification result (S506).
The master content registration server 50A checks the returned content verification result (S507). If there is no problem (for example, the program does not contain a virus, or does not use low-security functions), the unit 46B for managing registration information assigns an unused content ID 3125 to the content (S510). Next, the unit 52 for generating signatures generates the signature 312 (S511). A new content record 459 is then added to the registration database 45B (S512). In addition, the unit 46B instructs the signature verification server 40 and the other content registration server 50 to update their registration databases (register the content in the database) (S513 to S515). Finally, the content registration/deregistration unit 51 sends the result notification "registration processing completed" together with the signed content 31 to the content registrant terminal 80 (S516, S517).
If a problem is detected in the verification result at step S507, the content registration/deregistration unit 51 sends the result notification "content verification unsuccessful" to the content registrant terminal 80 (S508, S509).
Fig. 11 shows an example of the processing flow of the content registration procedure, starting from the registrant's application to register content, when it is carried out mainly by the slave content registration server 50B.
S501 to S509 are the same as the corresponding steps in Fig. 10. After S507, the content is registered on the master content registration server 50A (S601). The registration information 455 and the content 31 are sent from the slave content registration server 50B to the master content registration server 50A (S602). The master server 50A assigns a content ID 3125 to the content (S603), updates the registration database 45B (S604), and sends the content ID 3125 to the slave content registration server 50B (S605). S605 and the subsequent steps are the same as S511 to S517 in Fig. 10.
Fig. 12 shows an example of the processing flow of the content registration procedure, starting from the registrant's application to register content, carried out by the content registration server 50.
First, the content registration/deregistration unit 51 receives from the content registrant terminal 80 the URL or content ID 3125 of the content item that the registrant is applying to deregister (delete), and the unit 46B for managing registration information searches the registration database 45B for the content (S201). It checks whether the content to be deleted exists (S202). If it is found, its validity period field is consulted to check whether it is within the validity period (S203). If it is within the validity period, the state 452 is changed to "void" (S204). If it has passed the validity period, the record row itself is deleted (S205). Next, the unit 46B instructs the signature verification server 40 and the other content registration servers 50 to update their registration databases (delete the content from the database) (S206). Finally, the content registration/deregistration unit 51 sends the result notification "deregistration procedure completed" to the content registrant terminal 80 (S207). If the content to be deleted is not found at step S202, the unit 51 notifies the content registrant terminal 80 with an error message (S208).
The following explains an example of the processing flow for checking validity periods in the registration database 45; this check should be carried out periodically on the master content registration server 50.
First, the unit 46 for managing registration information looks through the records 459 in the registration database 45 and checks whether there is a record it has not yet examined. If one is found, it checks, by consulting the validity period field 453, whether the record has passed its validity period. If it has, the record row is deleted. If it is within the validity period, the record row is not deleted. The above actions are repeated for the other record rows 459 (if any). When no unexamined record remains, the unit 46B for managing registration information instructs the signature verification server 40 and the other content registration servers 50 to update their registration databases by performing the same deletions.
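The registration states of Fig. 5, the deregistration flow of Fig. 12 and the periodic validity check above can be put together as follows. This is an added example, not code from the patent; the class and method names, the in-memory dictionary and the sample dates and URLs used with it are assumptions, and reporting a URL mismatch as "invalid" is also an assumption.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Union

VALID, VOID, INVALID = "valid", "void", "invalid"


@dataclass
class Record:
    """One row of the registration database (fields 451 to 456 of Fig. 5)."""
    content_id: int
    state: str
    valid_until: date
    url: str
    registrant: str
    invalidated_on: Optional[date] = None


class RegistrationDB:
    """In-memory stand-in for a registration database 45 (hypothetical API)."""

    def __init__(self) -> None:
        self.rows: Dict[int, Record] = {}
        self._next_id = 1

    def register(self, url: str, registrant: str, valid_until: date) -> int:
        # Assign an unused content ID and store the item as "valid".
        cid = self._next_id
        self._next_id += 1
        self.rows[cid] = Record(cid, VALID, valid_until, url, registrant)
        return cid

    def deregister(self, key: Union[int, str], today: date) -> bool:
        # key is a content ID or a URL (S201); False means not found (S208).
        rec = self._find(key)
        if rec is None:
            return False
        if today <= rec.valid_until:        # S203: within the validity period
            rec.state = VOID                # S204
            rec.invalidated_on = today
        else:
            del self.rows[rec.content_id]   # S205: expired, delete the row
        return True

    def lookup(self, content_id: int, today: date,
               download_url: Optional[str] = None) -> str:
        # Result reported to the unit that verifies the signature.
        rec = self.rows.get(content_id)
        if rec is None or today > rec.valid_until:
            return INVALID                  # unregistered, deleted or expired
        if rec.state == VOID:
            return VOID                     # deregistered within validity period
        if download_url is not None and download_url != rec.url:
            return INVALID                  # assumption: wrong URL reported as invalid
        return VALID

    def sweep_expired(self, today: date) -> List[int]:
        # Periodic check: delete every row that has passed its validity period
        # and return the deleted IDs so other servers can apply the same deletions.
        expired = [cid for cid, r in self.rows.items() if today > r.valid_until]
        for cid in expired:
            del self.rows[cid]
        return expired

    def _find(self, key: Union[int, str]) -> Optional[Record]:
        if isinstance(key, int):
            return self.rows.get(key)
        return next((r for r in self.rows.values() if r.url == key), None)
```

An expired row that the periodic check has not yet removed is already reported as "invalid" by `lookup`, so the result does not depend on when the sweep runs.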
Fig. 13 shows an example of the processing flow for handling a request, sent from the client, to access signed content 31.
First, the client 10 sends an access request to the proxy server 20 (S701, S702). The proxy server 20 checks whether the content to be accessed is cached on it (S703). If it is cached, the proxy server sends the cached content to the client (S704, S705). If not, the proxy server forwards the access request to the server 30 (S706).
After the server 30 returns the signed content 31 to the proxy server 20 (S707, S708), the proxy server 20 sends the content 31 to the signature verification server 40 (S709, S710). The signature verification server 40 verifies the signature as additional processing and returns the result (S711, S712). At this point, together with the result, the verified original content 311, the signed content 31, or an error message is sent to the proxy server 20.
The proxy server 20 then sends the verified original content 311, the signed content 31, or the error message to the client 10 (S713, S714) and, if cache space is available for the content, caches the original content or the signed content 31 (S715).
If the signed content 31 was sent to the proxy server in steps S711 and S712, the proxy server 20 can remove the signature 312 from the signed content 31 in step S713 and send the original content 311 to the client 10. If the original content 311 verified by the signature verification server 40 specifies the URL of other content, the proxy server can request that URL from the server, retrieve the content, and send the content received from the server to the client 10.
In one possible embodiment, when a registrant applies to register content, the content registration server 50 can instruct the unit 21 for forwarding communication data of the proxy server 20 to cache the verified content. Because content registered by the content registration server 50 is cached on the proxy server 20 immediately, this has the advantage that access requests can be answered quickly. When the client 10 requests access to the content, the cached content is always returned to the client, unless the content is not cached.
In the second preferred embodiment of the present invention, shown in Fig. 15, a plurality of proxy servers 20 are provided, and an encrypted communication channel 901 is established between two proxy servers 20A and 20B. The client 10 can connect to a proxy server located nearby.
In the second preferred embodiment, one proxy server 20A is operated so as to provide the caching advantage of responding quickly to the client 10, and the other proxy server B is operated nearer to the server 30 and the signature verification server 40; distributing the functions in this way allows load to be shared within the system. Different operators can also run the respective proxy servers with their different functions; for example, a telecommunications carrier provides and maintains the proxy server 20A, while a company or content provider provides and maintains the proxy server 20B.
Next, a third preferred embodiment of the present invention is described, illustrated by another example of the content download processing flow using the network system and content verification method of the invention. Downloading content over a network to a PC or cellular mobile phone proceeds in the following order.
Before the content itself is downloaded, a file called metadata, which describes supplementary information (for example the URL at which the content is located), is downloaded. The information described in the metadata is then analyzed, the content itself is downloaded according to the information thus obtained, and the content is executed.
In the third preferred embodiment, the signature 312 of the content is attached to the metadata. The metadata includes its own signature 312 and the content signature 312 coupled to the metadata. When the metadata is downloaded, the signature verification server 40 stores the signature 312 of the content, and uses the stored signature to verify the content downloaded afterwards.
When the content registration server 50 registers a content item, it links the URLs of the metadata and the content item. The signature verification server 40 receives this link information from the content registration server 50 and manages it in a table. Using this link table, the signature verification server 40 also manages the storage locations of the metadata signature 312 attached to the metadata and of the content signature 312. On receiving metadata or content whose URL is not registered in this table, the signature verification server 40 treats it as an unauthorized access error. In addition, a validity period is preferably set in advance for the signature 312 of a content item stored in the signature verification server 40; this prevents unnecessary consumption of the server's memory resources.
The third embodiment is explained in full using Figure 16. When the client 10 sends a request to access metadata to the proxy server 50 (S801), the proxy server 50 checks whether the metadata to be accessed has already been cached on it. If it is cached, the proxy server sends the cached metadata to the client 10 (S802). If not, the proxy server forwards the access request to the server 30 (S803).
After the server 30 returns the signed metadata to the proxy server 20 (S804), the proxy server 20 passes the metadata to the signature verification server 40 (S805). The signature verification server 40 verifies the metadata signature 312, stores the metadata signature 312 and the content signature 312 contained in the metadata, registers their locations in the link table (S806), and returns the result (S807). The proxy server 20 then sends the verified metadata or an error message to the client (S808) and, if cache space is available for the metadata, caches the metadata (S810).
The client 10 analyzes the received metadata (S809) and sends a request to access the content specified by the metadata to the proxy server 20 (S811). The proxy server 20 checks whether the content to be accessed (whose signature 312 has been verified) has already been cached on it. If it is cached, the proxy server sends the cached content to the client 10 (S812). If not, the proxy server forwards the access request to the server 30 (S813). After the server 30 returns the content to the proxy server 20 (S814), the proxy server sends a message 32 containing the content and the URL 321 of the access destination to the signature verification server 40 (S815).
The signature verification server 40 searches the link table for an entry matching the URL of the content, using the URL as the search key, and looks under the record of the metadata coupled to the content for the content signature 312 that was stored when the metadata was downloaded and managed earlier. If the stored content signature 312 is found, the signature verification server 40 verifies the content (S816) and returns the result. If not, the signature verification server 40 returns an error (S817). The proxy server 20 then sends the verified content or an error message to the client 10 (S818) and, if cache space is available for the content, caches the content (S819).
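The verifier side of steps S805 to S817, including the link table, the unregistered-URL error and the validity period of stored content signatures, can be modelled as follows. This is an added example, not code from the patent: the class and function names, the metadata field layout and the sample URLs are assumptions, and HMAC-SHA256 under a shared key stands in for the public-key signature 312 and its certificate checks.

```python
import hashlib
import hmac
import time

# Assumption: HMAC-SHA256 under one shared key stands in for the public-key
# signature 312 and the certificate validation described in the patent.
REGISTRAR_KEY = b"constructed-demo-key"

# Constructed sample values.
META_URL = "http://origin.example/app.meta"
CONTENT_URL = "http://origin.example/app.bin"
CONTENT = b"constructed sample payload"


def sign(data: bytes) -> str:
    return hmac.new(REGISTRAR_KEY, data, hashlib.sha256).hexdigest()


def make_metadata(content_url: str, content: bytes):
    """Registration side: a metadata body that carries the content signature,
    plus the signature over the metadata body itself."""
    body = f"content-url={content_url}\ncontent-sig={sign(content)}\n".encode()
    return body, sign(body)


class SignatureVerifier:
    """Hypothetical model of signature verification server 40."""

    def __init__(self, ttl_seconds=300.0, clock=time.monotonic):
        self.links = {}    # link table: metadata URL -> content URL
        self.stored = {}   # content URL -> (content signature, expiry time)
        self.ttl = ttl_seconds
        self.clock = clock

    def register_link(self, metadata_url: str, content_url: str) -> None:
        """Link information received from the content registration server."""
        self.links[metadata_url] = content_url

    def verify_metadata(self, metadata_url: str, body: bytes, signature: str) -> str:
        """S806: verify the metadata, then remember the content signature."""
        if metadata_url not in self.links:
            return "unregistered-url"
        if not hmac.compare_digest(sign(body), signature):
            return "bad-signature"
        fields = dict(line.split("=", 1)
                      for line in body.decode().splitlines() if "=" in line)
        content_sig = fields.get("content-sig")
        # Validly signed metadata must still point at the content it was
        # registered with; otherwise it is the wrong metadata for this link.
        if content_sig is None or fields.get("content-url") != self.links[metadata_url]:
            return "link-mismatch"
        self.stored[fields["content-url"]] = (content_sig, self.clock() + self.ttl)
        return "ok"

    def verify_content(self, content_url: str, content: bytes) -> str:
        """S816/S817: verify content against the signature stored earlier."""
        if content_url not in self.links.values():
            return "unregistered-url"
        entry = self.stored.get(content_url)
        if entry is None:
            return "no-stored-signature"   # metadata was never verified here
        content_sig, expires = entry
        if self.clock() >= expires:
            del self.stored[content_url]   # validity period frees the memory
            return "expired"
        if not hmac.compare_digest(sign(content), content_sig):
            return "bad-signature"
        return "ok"


if __name__ == "__main__":
    verifier = SignatureVerifier()
    verifier.register_link(META_URL, CONTENT_URL)
    meta_body, meta_sig = make_metadata(CONTENT_URL, CONTENT)
    print(verifier.verify_metadata(META_URL, meta_body, meta_sig))
    print(verifier.verify_content(CONTENT_URL, CONTENT))
    print(verifier.verify_content(CONTENT_URL, b"tampered payload"))
```

Content is accepted only if the metadata coupled to it was verified first and the stored signature is still within its validity period; every other path returns an error for the proxy to relay.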
If a plurality of signature verification servers 40 are provided in this embodiment, the content must be verified by the signature verification server 40 that verified the metadata matching it. For this purpose, the proxy server 20 manipulates the data so that the content is certain to be sent to the designated signature verification server 40. Specifically, in step S807, the URL of the content described in the metadata returned to the proxy server 20, or the HTTP session state information stored in the HTTP header (for example, a cookie header) used when the content and metadata are transferred, is rewritten or appended to, adding the ID 3125 that identifies the signature verification server 40 to be used to verify the content.
For example, the content URL "http://server A/metadata" would be rewritten as "http://server A/metadata? signature verification server=01". Because the client sends the content access request with the rewritten URL in step S811, the proxy server 20 analyzes the part of the URL appended after the question mark "?", "signature verification server=01", and during the content download sends the content to the designated signature verification server 40.
In the case of a cookie, for example, the header "Set-Cookie2: signature verification server=01" is added to the HTTP messages exchanged between the proxy server 20 and the signature verification server 40. When the proxy server 20 receives from the client 10 a request carrying the cookie header "Cookie: signature verification server=01", it analyzes the cookie header and can send the content to the designated signature verification server 40, as in the URL example. Because the proxy server 20 stores the information about the signature verification server 40 to which the metadata was sent, the proxy server 20 can write the cookie header and attach it to the metadata returned to the client 10.
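The routing hint described above travels through the client and comes back in the request of step S811, so the proxy has to treat it as untrusted input. The following added example (not code from the patent) shows the proxy tagging a content URL with a verifier ID and later resolving the hint from the URL or a cookie, failing closed on a missing, duplicated or unknown ID. The parameter name `sigverifier`, the host names and the stripping of the hint before the request goes to the origin are assumptions of this example.

```python
from http.cookies import SimpleCookie
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Hypothetical parameter name; the patent's example writes the hint as
# "signature verification server=01".
PARAM = "sigverifier"

# Constructed table of verifier IDs (ID 3125 in the text) to internal hosts.
VERIFIERS = {
    "01": "verifier-01.internal.example",
    "02": "verifier-02.internal.example",
}


def tag_content_url(url: str, verifier_id: str) -> str:
    """Rewrite the content URL inside the metadata so that the later content
    request names the verifier that handled the metadata."""
    if verifier_id not in VERIFIERS:
        raise ValueError(f"unknown verifier ID: {verifier_id!r}")
    parts = urlsplit(url)
    # Drop any hint already present so the URL carries exactly one.
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != PARAM]
    query.append((PARAM, verifier_id))
    return urlunsplit(parts._replace(query=urlencode(query)))


def route_content_request(url: str, cookie_header: str = ""):
    """Resolve the verifier for a content request (S811).

    Returns (verifier host, URL to request from the origin with the hint
    stripped). The URL hint takes precedence; the cookie is the fallback.
    Raises LookupError when the hint is missing, duplicated or unknown, so
    content is never routed to a verifier that holds no stored signature.
    """
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    ids = [v for k, v in pairs if k == PARAM]
    if not ids and cookie_header:
        jar = SimpleCookie()
        jar.load(cookie_header)
        if PARAM in jar:
            ids = [jar[PARAM].value]
    if len(ids) != 1 or ids[0] not in VERIFIERS:
        raise LookupError("no valid signature verification server hint")
    origin_query = urlencode([(k, v) for k, v in pairs if k != PARAM])
    return VERIFIERS[ids[0]], urlunsplit(parts._replace(query=origin_query))


if __name__ == "__main__":
    tagged = tag_content_url("http://origin.example/app.bin?lang=en", "01")
    print(tagged)
    print(route_content_request(tagged))
    print(route_content_request("http://origin.example/app.bin", "sigverifier=02"))
```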
The third preferred embodiment has the following two advantages:
First, it can verify whether content and its proper metadata are downloaded together. The URL of the content is described in the metadata, and the client 10 requests access to the content after analyzing the metadata. However, verifying the metadata and the content separately cannot detect wrong metadata written by a third party in order to access the content. To protect against this, the content signature 312 is attached to the metadata, making it possible to verify that properly coupled content and metadata are downloaded.
Second, the content provided is not modified, so even if it is downloaded without going through the network system of the invention, the downloaded content can still be executed on the client 10 without problems. For example, for mobile phones, access to content and metadata must go through the network system of the present invention. For PCs, however, this access may not need the intervention of the network system of the present invention. In the latter case, when signed metadata and content are downloaded, a device that has downloaded metadata carrying irrelevant data (the signature 312) usually ignores the irrelevant data and does not judge it to be an error, because metadata is auxiliary data that is not executed. If, however, the device attempts to execute signed content, an error is possible, because data irrelevant to the content (namely the signature 312) is attached to the content. By including the signature of the content in the metadata as in this embodiment, this error on the client 10 can be avoided.
The specification and drawings are therefore to be regarded as illustrative rather than restrictive. It will, however, be evident that various modifications and changes may be made without departing from the spirit and scope of the invention as defined in the claims.

Claims (15)

1. A network system comprising:
a client that sends an access request to a server;
the server, which receives the access request from the client and distributes content;
application servers, each of which performs additional processing on content when it receives the content, and returns the processed content and data to the unit that sent the content to it; and
a proxy server that relays the data transferred between the client and the server;
wherein the proxy server comprises:
a unit for relaying communication data, which receives the access request from the client, forwards the request to the server, and receives the content from the server; and
a unit for calling an application server, which receives the content from the unit for relaying communication data, encapsulates the content in a message of a predetermined format, sends the message to one of the application servers, and receives the content and the result of the additional processing performed by the application server;
wherein the unit for relaying communication data sends data to the client according to the result.
2. The network system as claimed in claim 1, wherein:
the proxy server comprises a communication control database for storing the conditions for sending content to one of the application servers and the information about the relevant application server that is required to send the content;
if the access request and the content-related information satisfy a condition stored in the communication control database, the unit for relaying communication data passes the content to the unit for calling an application server.
3. The network system as claimed in claim 1, wherein:
the unit for relaying communication data caches the content returned from the server and, when it receives from the client a request to access the cached content, returns the cached content to the client if the content is within its validity period, wherein the validity period is indicated by the metadata of the content or is set in advance on the proxy server.
4. The network system as claimed in claim 3, wherein:
according to the result of the additional processing returned from one of the application servers, the unit for relaying communication data returns to the client, as the response, the content received from the server, the processed data returned from the application server, the cached content, or an error message.
5. The network system as claimed in claim 3, wherein:
the unit for relaying communication data caches the processed data received from one of the application servers, or the content retrieved over the network according to information indicating the location of the processed content on the network.
6. The network system as claimed in claim 5, further comprising:
a content registration server that accepts content from a content manager;
a content registrant terminal on which a program runs to provide an interface for registering content on the content registration server; and
a content verification server that receives content from the content registration server and checks the content data by a predetermined method,
wherein, if the content verification server confirms that the content satisfies a predetermined condition, the content registration server creates signed content by attaching a signature to the content received from the content registrant terminal.
7. The network system as claimed in claim 6, wherein:
the content registration server comprises:
a unit for generating a signature, which generates the signature according to a content ID that uniquely identifies the content;
a unit for managing keys, which manages the private key used to generate the signature and the corresponding public key certificate; and
a unit for managing registration information, which assigns the content ID to the content and registers the signed content in a registration database.
8. The network system as claimed in claim 7, wherein:
the content registration server requests the proxy server to cache the signed content.
9. The network system as claimed in claim 6, wherein:
the content verification server comprises a database for managing a plurality of security levels, and performs content verification according to the security level.
10. The network system as claimed in claim 6, wherein:
the network system comprises a master content registration server and one or more slave content registration servers, and
the master content registration server communicates with the slave content registration servers so that the databases of all the content registration servers are synchronized.
11. The network system as claimed in claim 6, wherein:
the application server is a signature verification server that verifies the signature of signed content;
the server stores the signed content created by the content registration server; and
the proxy server sends the signed content received from the server to the signature verification server and, according to the verification result returned, determines whether the signed content should be sent to the client.
12. The network system as claimed in claim 11, wherein:
the signature verification server comprises:
a unit for obtaining a signature, which extracts the signature from the unverified signed content received from the proxy server;
a unit for verifying a certificate, which verifies the validity of the public key certificate used to verify the signature;
a certificate revocation list database for managing the certificate revocation list used to verify the validity of the public key certificate;
a unit for verifying the signature;
a registration database for storing the registration information of each content ID contained in a signature; and
a unit for managing registration information, which manages the registration information of each content ID.
13. The network system as claimed in claim 12, wherein:
the signature verification server communicates with the content registration server so that the registration database is synchronized with the same database on the content registration server.
14. The network system as claimed in claim 11, wherein:
if the verification result is valid, the proxy server sends the client the verified signed content as it is, or the content with its signature removed; otherwise, if the verification result is invalid, it sends an error to the client.
15. The network system as claimed in claim 11, wherein:
the signature of a second content item is contained in a first content item;
when verifying the first content item, the signature verification server stores the signature of the second content item contained in the first content item; and
when verifying the second content item, the signature verification server performs the verification using the stored signature of the second content item.
CNB031581374A 2002-09-13 2003-09-12 Network system Expired - Fee Related CN1287305C (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP267551/2002 2002-09-13
JP2002267551A JP4309629B2 (en) 2002-09-13 2002-09-13 Network system

Publications (2)

Publication Number Publication Date
CN1494010A true CN1494010A (en) 2004-05-05
CN1287305C CN1287305C (en) 2006-11-29

Family

ID=31884802

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB031581374A Expired - Fee Related CN1287305C (en) 2002-09-13 2003-09-12 Network system

Country Status (5)

Country Link
US (1) US7219134B2 (en)
EP (1) EP1398710B1 (en)
JP (1) JP4309629B2 (en)
CN (1) CN1287305C (en)
DE (1) DE60309796T2 (en)

US9021037B2 (en) 2012-12-06 2015-04-28 Airwatch Llc Systems and methods for controlling email access
CN103036883B (en) * 2012-12-14 2015-11-04 公安部第一研究所 A kind of safe communication method of security server and system
KR102063681B1 (en) * 2013-03-11 2020-01-08 삼성전자주식회사 Communication method of administration node, requesting node and normal node deleting unvalid contents using contents revocation list in a contents centric network
WO2014159862A1 (en) 2013-03-14 2014-10-02 Headwater Partners I Llc Automated credential porting for mobile devices
JP6367523B2 (en) * 2013-03-18 2018-08-01 晴明 山崎 Data transmission / reception method and data transmission / reception system using wide area communication network
CN104065688B (en) * 2013-03-22 2018-09-11 深圳市腾讯计算机系统有限公司 A kind of method and device for calling underlying services
US9787686B2 (en) 2013-04-12 2017-10-10 Airwatch Llc On-demand security policy activation
US9270467B1 (en) * 2013-05-16 2016-02-23 Symantec Corporation Systems and methods for trust propagation of signed files across devices
JP6171597B2 (en) * 2013-06-10 2017-08-02 富士通株式会社 Verification system, verification method, verification program
KR102134429B1 (en) * 2013-10-04 2020-07-15 삼성전자주식회사 Method and apparatus for content verification
US9240994B2 (en) * 2013-10-28 2016-01-19 At&T Intellectual Property I, Lp Apparatus and method for securely managing the accessibility to content and applications
EP2942925B1 (en) * 2014-05-05 2016-08-24 Advanced Digital Broadcast S.A. A method and system for providing a private network
CN105991565B (en) * 2015-02-05 2019-01-25 阿里巴巴集团控股有限公司 Method, system and the database proxy server of read and write abruption
CN104967604B (en) * 2015-04-21 2018-07-20 深圳市腾讯计算机系统有限公司 Login method and system
US9197673B1 (en) * 2015-05-18 2015-11-24 A2Zlogix, Inc. System and method for reception and transmission optimization of secured video, image, audio, and other media traffic via proxy
JP2017182665A (en) * 2016-03-31 2017-10-05 富士通株式会社 Information processing device, data providing system, data providing method, and data providing program
US20190327310A1 (en) * 2016-12-09 2019-10-24 Nutanix, Inc. Efficient approach for achieving session failover for http traffic in a scale out web tier using a shared salt
JP7343041B2 (en) 2020-03-27 2023-09-12 日本電気株式会社 Verification equipment, verification system, verification method and verification program

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2000285061A (en) 1999-03-31 2000-10-13 Nec Corp Proxy access control system
WO2000064122A1 (en) * 1999-04-15 2000-10-26 Gilian Technologies, Ltd. Monitoring integrity of transmitted data
EP1132799B1 (en) * 2000-01-06 2004-04-28 International Business Machines Corporation Method and system for generating and using a virus free file certificate
US7426750B2 (en) * 2000-02-18 2008-09-16 Verimatrix, Inc. Network-based content distribution system
JP2002135239A (en) 2000-10-20 2002-05-10 Nec Corp Encryption data distribution service system
JP3629516B2 (en) * 2000-11-02 2005-03-16 インターナショナル・ビジネス・マシーンズ・コーポレーション Proxy server, electronic signature system, electronic signature verification system, network system, electronic signature method, electronic signature verification method, and storage medium
JP4139228B2 (en) * 2001-02-26 2008-08-27 フォースパス インコーポレイテッド Billing method and system based on application communication
US7200575B2 (en) * 2001-02-27 2007-04-03 Hewlett-Packard Development Company, L.P. Managing access to digital content

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101170520B (en) * 2007-11-27 2010-06-02 宁波大学 A network system signal processing method based on UDDI
CN104205884A (en) * 2012-03-16 2014-12-10 英特尔公司 Multicast broadcast multimedia service-assisted content distribution
CN104205884B (en) * 2012-03-16 2018-05-08 英特尔公司 Multicast broadcast multimedia service auxiliary content is distributed
US10320552B2 (en) 2012-03-16 2019-06-11 Intel Corporation Multicast broadcast multimedia service-assisted content distribution
CN103873430A (en) * 2012-12-10 2014-06-18 腾讯科技(深圳)有限公司 Method, client and system for page information verification
CN108243143A (en) * 2016-12-23 2018-07-03 北京明朝万达科技股份有限公司 A kind of gateway penetrating method and system based on different web agent
CN108243143B (en) * 2016-12-23 2020-05-19 北京明朝万达科技股份有限公司 Web agent-based gatekeeper penetration method and system
CN114584602A (en) * 2022-03-01 2022-06-03 百果园技术(新加坡)有限公司 Session state management method, system, device, equipment and storage medium
CN114584602B (en) * 2022-03-01 2023-08-29 百果园技术(新加坡)有限公司 Session state management method, system, device, equipment and storage medium

Also Published As

Publication number Publication date
DE60309796T2 (en) 2007-10-11
JP2004102951A (en) 2004-04-02
JP4309629B2 (en) 2009-08-05
EP1398710B1 (en) 2006-11-22
CN1287305C (en) 2006-11-29
US7219134B2 (en) 2007-05-15
EP1398710A2 (en) 2004-03-17
US20040054779A1 (en) 2004-03-18
DE60309796D1 (en) 2007-01-04
EP1398710A3 (en) 2004-11-17

Similar Documents

Publication Publication Date Title
CN1287305C (en) Network system
US7673331B2 (en) Server certificate issuing system
US8589372B2 (en) Method and system for automated document registration with cloud computing
CN1182479C (en) System and method for effectively collecting, arranging and access to withdrew table of certificate
US8341141B2 (en) Method and system for automated document registration
JP4520840B2 (en) Encrypted communication relay method, gateway server device, encrypted communication program, and encrypted communication program storage medium
US7443986B2 (en) Key allocating method and key allocation system for encrypted communication
US8914351B2 (en) Method and system for secure automated document registration from social media networks
CN1284099C (en) Electronic keying system and use method thereof
CN109691057B (en) Interchangeably retrieving sensitive content via a private content distribution network
RU2573760C2 (en) Declaration-based content reputation service
US20040213283A1 (en) Information transmitting apparatus, information saving apparatus, information receiving apparatus, method for using the same, and recording medium thereof
CN1767438A (en) System and method for verifying digital signatures on certificates
CN1855884A (en) Load balancing server and system
CN1653779A (en) System and method for supporting multiple certificate status providers on a mobile communication device
JP6819748B2 (en) Information processing equipment, information processing systems and programs
JP2006217196A (en) Method and system for authenticating radio lan
WO2017002496A1 (en) Communication system and program
CN1798021A (en) Communication supporting server, method and system
JP6536609B2 (en) Management device and document management system
JP2018156410A (en) Information processing apparatus and program
JP6783527B2 (en) Electronic key re-registration system, electronic key re-registration method and program
JP2020047222A (en) Document management system
JP2020017308A (en) Information processing apparatus and program
WO2019058696A1 (en) Information processing device, protection processing device, and usage terminal

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20061129

Termination date: 20140912

EXPY Termination of patent right or utility model